Crawl From X

The OpenClaw AgentSkills skill bundle 'crawl-from-x' is classified as benign. Its stated purpose is to scrape X/Twitter posts and media, which is consistently reflected in the code. The Python scripts (`craw_hot.py`, `media_downloader.py`) utilize `subprocess.run` to interact with the `openclaw browser` CLI for automation and `requests` for fetching data from Twitter APIs and media URLs. All file system operations (reading user lists, writing logs, results, and downloaded media) are confined to the skill's local directory. There is no evidence of data exfiltration to unauthorized external endpoints, installation of persistence mechanisms, or prompt injection attempts in the documentation that would manipulate the AI agent for malicious purposes. The JavaScript executed in the browser is internally defined for content extraction, not for arbitrary code execution from untrusted input.